Follow the below steps to create Admin Access Control Lists.

Step 1: Create ACL rule
Step 2: Flush Magento cache
Step 3: Check ACL rule

Step 1: Create ACL rule

Now, we will see how to add our module to ACL role. We will use a previous simple module PHPCodez First to do this. As in the Admin Menu and System Configuration article, you saw that we alway have a resource attribute when create it. Now we will register that resources to the system, so Magento can realize and let us set a role for them.

File: app/code/PHPCodez/First/etc/acl.xml

<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Acl/etc/acl.xsd">
 <acl>
 <resources>
 <resource id="Magento_Backend::admin">
 <resource id="PHPCodez_First::first" title="PHPCodez" sortOrder="51">
 <resource id="PHPCodez_First::post" title="Posts" sortOrder="10"/>
 <resource id="PHPCodez_First::first_configuration" title="Configuration" sortOrder="99" />
 </resource>
 <resource id="Magento_Backend::stores">
 <resource id="Magento_Backend::stores_settings">
 <resource id="Magento_Config::config">
 <resource id="PHPCodez_First::first_config" title="PHPCodez"/>
 </resource>
 </resource>
 </resource>
 </resource>
 </resources>
 </acl>
</config>

Our resource will be placed as child of Magento_Backend::admin. Each resource will have an Id, title and sortOrder attribute:

Id attribute is the identify of this resource. You can use this when define resource in Admin menu, configuration and limit access to your module controller. This is a unique string and should be in this format: Vendor_ModuleName::resource_name.

Title attribute is the label of this resource when showing in resource tree.

sortOrder attribute define the position of this resource in tree.

Step 2: Flush Magento cache

php bin/magento cache:flush